How to: Install Fuzzbunch & DanderSpritz?

Posted: 2 years ago by @pentestit | 16476 views | Updated: June 27, 2017 at 5:06 am

I’m thinking I might already be a week late posting this today, but this post about Fuzzbunch and DanderSpritz has been sitting in my drafts all this while and I thought of completing it anyway.

As all of us know by now, the Equation Group gave us all an early Easter surprise by releasing an awesome cache of tools targeted against the Microsoft Windows operating systems (some of which are End Of Life) and other software, along with a bunch of backdoors and rootkits. My older post, List of Equation Group Exploits, already lists the names of the tools and their targets. With that cleared, moving on to the main topic of interest. Download the files listed under “EQGRP_Lost_in_Translation” and proceed.

What are Fuzzbunch & DanderSpritz?

Fuzzbunch is what Metasploit is to penetration testers. It is an easy-to-use framework written in Python that allows you to launch exploits and interact with different supported implants. DanderSpritz is a Java-based command & control management console to administer compromised computers. Think of it as a Remote Access Trojan to control your “servers”.

[Image: EGRP-Windows]

This is how the decompressed files look; the ones marked are Fuzzbunch (fb.py) and DanderSpritz (start_lp.py). At first, I tried running it with Python 2.7.13, but was unable to do so. Later, as I read the code, I found the following:

So, as you can see, you need Python 2.6.x (I used Python 2.6.6) on either of the above-mentioned operating systems in order to run Fuzzbunch. It is used to invoke various attack modules. The use of these modules tends to be automated, with the modules automatically sharing information. Modules can also be customized by editing their related XML files to define their own parameters.

So, you also need Python for Windows Extensions (PyWin32). I took a chance and downloaded the latest version, pywin32-221.win32-py2.6.exe, from here. Thinking that I had everything ready, I launched Fuzzbunch. I was greeted with a message about a directory not being available. The answer is to create the following directory:

windows/listeningposts

After all this, on my Windows 7 test machine, I got this:

[Image: Fuzzbunch]

Now, onto DanderSpritz – there are two ways to execute this C&C tool:

Running Start.jar

Running start_lp.py

The first time you execute DanderSpritz, you get a screen asking you for various configuration settings:

[Image: DanderSpritz]

After you press “Go”, you are taken to a screen that looks like this:

[Image: DanderSpritz-Main]

The errors in red tell you what you are missing. So you can simply create a logging directory by running the configure_lb.py script.

Another of the errors, which mentions a missing file, can be overcome by creating a dszopsdisk-x.zip archive. I think it was meant to have all the contents under “/storage”.
